File ocki-3.1_13_icsf_sign_verify.patch of Package openCryptoki.1904
commit 72a1ac0ae9898de4262c5b98751c281f8979704b
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Wed Mar 25 17:12:14 2015 -0500
References: bsc#954254
ICSF Token: chain data was not being copied for hmac signing and verifying.
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
--- opencryptoki.orig/usr/lib/pkcs11/icsf_stdll/icsf_specific.c 2016-01-26 05:36:53.574209000 -0700
+++ opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf_specific.c 2016-01-26 05:36:53.661250000 -0700
@@ -3584,7 +3584,12 @@ token_specific_sign_update(SESSION *sess
if (rc != 0) {
OCK_LOG_ERR(CKR_FUNCTION_FAILED);
rc = icsf_to_ock_err(rc, reason);
+ } else {
+ multi_part_ctx->initiated = TRUE;
+ memcpy(multi_part_ctx->chain_data, chain_data,
+ chain_data_len);
}
+
break;
case CKM_MD5_RSA_PKCS:
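Review bot: The added `memcpy(multi_part_ctx->chain_data, chain_data, chain_data_len)` in the success branch copies a length that nothing in this hunk checks against the destination's capacity. The final-call hunks pass `&chain_data_len` to the ICSF call, so the length is presumably written back by the service in this function as well, and it should be bounded before it is trusted as a copy size. A guard such as `if (chain_data_len > sizeof(multi_part_ctx->chain_data)) { rc = CKR_FUNCTION_FAILED; break; }` ahead of the copy would do, assuming `chain_data` is an array member; its declaration is outside the hunk. The identical addition in token_specific_verify_update needs the same check. The enclosing switch case starts before this hunk.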
@@ -3733,7 +3738,8 @@ token_specific_sign_final(SESSION *sessi
}
rc = icsf_hmac_sign(session_state->ld, &reason,
- &mapping->icsf_object, &ctx->mech, "LAST", "",
+ &mapping->icsf_object, &ctx->mech,
+ multi_part_ctx->initiated ? "LAST":"ONLY", "",
0, signature, sig_len, chain_data,
&chain_data_len);
if (rc != 0)
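Review bot: The rule selection `multi_part_ctx->initiated ? "LAST":"ONLY"` carries the behavioural fix but has no comment explaining why a final call with no successful update needs a different rule. I would add above the call `/* No update call succeeded, so there is no chain to close: send a single-part request ("ONLY") instead of "LAST". */` and space the ternary as `? "LAST" : "ONLY"`. The same expression in token_specific_verify_final would take the same comment. Whether `multi_part_ctx` can be NULL here is not visible, since the function body starts and ends outside the hunk.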
@@ -4116,7 +4122,12 @@ token_specific_verify_update(SESSION *se
if (rc != 0) {
OCK_LOG_ERR(CKR_FUNCTION_FAILED);
rc = icsf_to_ock_err(rc, reason);
+ } else {
+ multi_part_ctx->initiated = TRUE;
+ memcpy(multi_part_ctx->chain_data, chain_data,
+ chain_data_len);
}
+
break;
case CKM_MD5_RSA_PKCS:
@@ -4183,6 +4194,7 @@ token_specific_verify_update(SESSION *se
memcpy(multi_part_ctx->chain_data, chain_data,
chain_data_len);
}
+
if (buffer)
free(buffer);
@@ -4253,7 +4265,8 @@ token_specific_verify_final(SESSION *ses
/* get the chain data */
rc = icsf_hmac_verify(session_state->ld, &reason,
- &mapping->icsf_object, &ctx->mech, "LAST", "",
+ &mapping->icsf_object, &ctx->mech,
+ multi_part_ctx->initiated ? "LAST":"ONLY", "",
0, signature, sig_len, chain_data,
&chain_data_len);
if (rc != 0)